Static task
static1
Behavioral task
behavioral1
Sample
33767a698cb8f241acdd54e837f1f920_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
33767a698cb8f241acdd54e837f1f920_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 33767a698cb8f241acdd54e837f1f920_JaffaCakes118
Size: 244KB
MD5: 33767a698cb8f241acdd54e837f1f920
SHA1: c5e690a19c45490704956cadac8ba16cbfd93e12
SHA256: 69be55e319a4163d817cb336fd3e70ae432ccbd3a1e4d6310ec0f9dd34b0874a
SHA512: 89ee22ab4b6c8842be9e9a0f05fc0c4abb87ed0b7a023143b828e7d184eb4b34e6f2be5861eb70dfe9a6d7e6102f60813d19ed9e89f4700e0f7415b5443d3e2a
SSDEEP: 6144:CSlIoiz5QsH0H6wSdS88maLmrbdQdxLZ0hl0:CSqoiz5QsUaBcmacbdSxL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33767a698cb8f241acdd54e837f1f920_JaffaCakes118
Files
33767a698cb8f241acdd54e837f1f920_JaffaCakes118.exe windows:4 windows x86 arch:x86
d9905476ddfbf19b11eba9c72b89f975
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualQueryEx
CreateMutexW
PrepareTape
GetTickCount
GetProcessTimes
VirtualProtect
TlsGetValue
GetTempPathW
GetEnvironmentVariableW
GetModuleHandleA
ClearCommBreak
ReadConsoleOutputA
IsBadWritePtr
GlobalAddAtomA
CancelIo
GetBinaryTypeW
GetTapeStatus
ExitProcess
lstrcpyA
GlobalReAlloc
SetupComm
SetFileTime
IsDBCSLeadByteEx
GetNumberFormatW
SetFileAttributesA
GetStartupInfoA
GetThreadContext
SuspendThread
OutputDebugStringA
AllocConsole
SetConsoleActiveScreenBuffer
FreeResource
GlobalAddAtomW
GlobalFree
GenerateConsoleCtrlEvent
IsValidLocale
EnumSystemCodePagesA
GetCommandLineA
GetVersionExA
lstrlenA
VirtualAlloc
OpenFile
gdi32
SetDIBitsToDevice
GetPixelFormat
GetEnhMetaFileHeader
Polygon
GetEnhMetaFilePaletteEntries
PlayEnhMetaFileRecord
EnumFontFamiliesExW
SelectPalette
EndPath
SetTextJustification
GetCharWidth32W
CreateDCA
comdlg32
CommDlgExtendedError
PageSetupDlgA
GetOpenFileNameW
advapi32
GetAclInformation
RegSaveKeyA
ChangeServiceConfigA
GetSidLengthRequired
OpenThreadToken
GetSidIdentifierAuthority
CryptDeriveKey
FreeSid
GetFileSecurityA
RegRestoreKeyA
CryptDestroyKey
CryptSetProvParam
IsValidSecurityDescriptor
CryptGetProvParam
CryptVerifySignatureW
QueryServiceConfigA
CreateServiceW
EnumDependentServicesA
RegisterEventSourceW
LogonUserW
ole32
OleQueryLinkFromData
CoUninitialize
OleSetContainedObject
CoMarshalInterThreadInterfaceInStream
CoDisconnectObject
oleaut32
SafeArrayPutElement
LoadTypeLi
LoadTypeLibEx
SafeArrayRedim
VariantChangeType
comctl32
ImageList_DragLeave
shlwapi
SHCreateStreamOnFileW
PathCompactPathExW
StrDupW
PathRenameExtensionW
PathQuoteSpacesW
HashData
StrChrIA
PathIsSameRootW
PathAddExtensionW
SHSetValueA
SHRegCloseUSKey
StrCatBuffA
StrCatW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE